API tools faq
paste
Advertisement
SycoLTH

libreswan setup

SycoLTH
May 26th, 2017
110
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.36 KB | None | 0 0
raw download clone embed print report
  1. function startVPN() {
  2. cat <<EOF > /etc/ipsec.conf
  3. config setup
  4.   nat_traversal=yes
  5.   protostack=netkey
  6.   oe=off
  7.   virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
  8.   keep_alive=60
  9. conn CONN
  10.   authby=secret
  11.   pfs=no
  12.   auto=add
  13.   keyingtries=3
  14.   dpddelay=30
  15.   dpdtimeout=120
  16.   dpdaction=clear
  17.   rekey=yes
  18.   ikelifetime=8h
  19.   keylife=24h
  20.   type=transport
  21.   left=$LOCAL_IP
  22.   leftsubnet=$LOCAL_SUBNET
  23.   leftnexthop=%defaultroute
  24.   right=$REMOTE_IP
  25.   rightsubnet=$REMOTE_SUBNET
  26. EOF
  27. cat /etc/ipsec.conf
  28. echo
  29. echo
  30.  
  31. cat <<EOF > /etc/ipsec.secrets
  32. %any $REMOTE_IP : PSK "$SHARED_SECRET"
  33. EOF
  34. cat /etc/ipsec.secrets
  35. echo
  36. echo
  37.  
  38. cat <<EOF > /etc/xl2tpd/xl2tpd.conf
  39. [global]
  40. listen-addr=$LOCAL_IP
  41.  
  42. [lac vpn-conn]
  43. lns=$REMOTE_IP
  44. ppp debug=yes
  45. pppoptfile=/etc/ppp/options.l2tpd.conf
  46. length bit=yes
  47. EOF
  48. cat /etc/xl2tpd/xl2tpd.conf
  49. echo
  50. echo
  51.  
  52. cat <<EOF > /etc/ppp/options.l2tpd.conf
  53. ipcp-accept-local
  54. ipcp-accept-remote
  55. refuse-eap
  56. refuse-chap
  57. refuse-mschap
  58. refuse-pap
  59. require-mschap-v2
  60. noccp
  61. noauth
  62. mtu 1200
  63. mru 1200
  64. nodefaultroute
  65. name $USERNAME
  66. password $PASSWORD
  67. EOF
  68. cat /etc/ppp/options.l2tpd.conf
  69. echo
  70. echo
  71.  
  72. echo 1 > /proc/sys/net/ipv4/ip_forward
  73. for x in /proc/sys/net/ipv4/conf/*; do
  74.   echo 0 > $x/accept_redirects
  75.   echo 0 > $x/send_redirects
  76. done
  77. systemctl restart iptables
  78. iptables --table nat -A POSTROUTING -j MASQUERADE
  79.  
  80. mkdir -p /var/run/xl2tpd
  81. touch /var/run/xl2tpd/l2tp-control
  82.  
  83. systemctl start ipsec
  84. sleep 3
  85.  
  86. systemctl start xl2tpd
  87. sleep 3
  88.  
  89. ipsec auto --up CONN
  90. sleep 3
  91.  
  92. echo "c vpn-conn" > /var/run/xl2tpd/l2tp-control
  93. sleep 3
  94.  
  95. echo
  96.  
  97. V_IP=$(ip addr show dev ppp0|grep -oP 'inet\ (\d+\.){3}\d+'|awk '{print $2}'|cut -d'/' -f1)
  98. echo "V_IP: $V_IP"
  99. ip route add $REMOTE_SUBNET via $V_IP dev ppp0
  100. }
  101.  
  102. function stopVPN() {
  103. echo 'ipsec auto --down CONN'
  104. ipsec auto --down CONN
  105. sleep 3
  106.  
  107. echo -n 'systemctl stop xl2tpd '
  108. systemctl stop xl2tpd
  109. sleep 3
  110.  
  111. echo -n 'systemctl stop ipsec '
  112. systemctl stop ipsec
  113. sleep 3
  114.  
  115. rm -f /etc/ipsec.conf
  116. rm -f /etc/ipsec.secrets
  117. rm -f /etc/xl2tpd/xl2tpd.conf
  118. rm -f /etc/ppp/options.l2tpd.conf
  119. }
  120.  
  121. USERNAME='your_USERNAME'
  122. PASSWORD='your_PASSWORD'
  123.  
  124. LOCAL_IP='your_LOCAL_IP'
  125. LOCAL_MASK='your_LOCAL_MASK'
  126. LOCAL_SUBNET='your_LOCAL_SUBNET'
  127.  
  128. REMOTE_IP='your_REMOTE_IP'
  129. REMOTE_SUBNET='your_REMOTE_SUBNET'
  130. SHARED_SECRET='your_SHARED_SECRET'
  131.  
  132. stopVPN
  133. startVPN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!